NIST 800-171 R-3.4.3
Track and Approve Changes
Official citation: 3.4.3
Class: core · Severity: high
Statement of the obligation — verify against source
3.4.3
What it means
Control changes to your systems through configuration change control: propose, justify, test, review, approve or reject, and log each change — including baseline and setting changes, vulnerability fixes, and any unscheduled or unauthorized changes. Change Control or Change Advisory Boards review and approve proposed changes, and audit logs capture the activity before and after each change.
Educational reference only — not legal advice. Consult a qualified assessor or attorney for binding compliance determinations.